From f30edf6174f22a247b5ce3d42a1c62d84396d017 Mon Sep 17 00:00:00 2001 From: Chris Negus Date: Tue, 26 Sep 2023 16:58:51 -0400 Subject: [PATCH] Cherry-pick of PR6672 (#6729) Co-authored-by: Chris Splinter --- .../cluster-upgrades/airgapped-upgrades.md | 45 ++++------ .../docs/getting-started/airgapped/_index.md | 82 ++++++------------- .../airgapped/airgap-packages.md | 13 +++ .../getting-started/airgapped/airgap-steps.md | 36 ++++++++ .../getting-started/baremetal/bare-prereq.md | 4 +- .../getting-started/chooseprovider/_index.md | 27 ++---- .../en/docs/getting-started/install/_index.md | 3 +- .../optional/registrymirror.md | 79 ++++++------------ docs/content/en/docs/packages/prereq.md | 33 ++++---- 9 files changed, 146 insertions(+), 176 deletions(-) create mode 100644 docs/content/en/docs/getting-started/airgapped/airgap-packages.md create mode 100644 docs/content/en/docs/getting-started/airgapped/airgap-steps.md diff --git a/docs/content/en/docs/clustermgmt/cluster-upgrades/airgapped-upgrades.md b/docs/content/en/docs/clustermgmt/cluster-upgrades/airgapped-upgrades.md index 36bf04982d88..b9852a228dbe 100644 --- a/docs/content/en/docs/clustermgmt/cluster-upgrades/airgapped-upgrades.md +++ b/docs/content/en/docs/clustermgmt/cluster-upgrades/airgapped-upgrades.md @@ -5,39 +5,26 @@ weight: 20 aliases: /docs/tasks/cluster/cluster-upgrades/airgapped-upgrades/ description: > - How to perform eks-anywhere upgrade for an airgapped cluster + Upgrading EKS Anywhere clusters in airgapped environments --- -If you want to upgrade EKS Anywhere version, or your cluster upgrade requires EKS Anywhere version upgrade in airgapped environment, perform the following steps to prepare new artifacts in your registry mirror: +The procedure to upgrade EKS Anywhere clusters in airgapped environments is similar to the procedure for creating new clusters in airgapped environments. The only difference is that you must upgrade your `eksctl anywhere` CLI before running the steps to download and import the EKS Anywhere dependencies to your local registry mirror. -1. [Upgrade EKS Anywhere version]({{< relref "./vsphere-and-cloudstack-upgrades.md#eks-anywhere-version-upgrades" >}}). +### Prerequisites +- An existing [Admin machine]({{< relref "../../getting-started/install" >}}) +- **The upgraded version of the `eksctl anywhere` CLI installed on the Admin machine** +- Docker running on the Admin machine +- At least 80GB in storage space on the Admin machine to temporarily store the EKS Anywhere images locally before importing them to your local registry. Currently, when downloading images, EKS Anywhere pulls all dependencies for all infrastructure providers and supported Kubernetes versions. +- The download and import images commands must be run on an amd64 machine to import amd64 images to the registry mirror. -1. Use the upgraded binary to download new artifacts that will be used by the cluster nodes to the Admin machine: - ```bash - eksctl anywhere download artifacts - ``` - A compressed file `eks-anywhere-downloads.tar.gz` will be downloaded. +### Procedure -1. Decompress this file: - ```bash - tar -xvf eks-anywhere-downloads.tar.gz - ``` - This will create an eks-anywhere-downloads folder that we’ll be using later. +{{% content "../../getting-started/airgapped/airgap-steps.md" %}} -1. Use the upgraded binary to download new images: - ```bash - eksctl anywhere download images -o images.tar - ``` +If the previous steps succeeded, all of the required EKS Anywhere dependencies are now present in your local registry. Before you upgrade your EKS Anywhere cluster, configure `registryMirrorConfiguration` in your EKS Anywhere cluster specification with the information for your local registry. For details see the [Registry Mirror Configuration documentation.]({{< relref "../../getting-started/optional/registrymirror/#registry-mirror-cluster-spec" >}}) -1. Use the upgraded binary to import new images to your local registry mirror. - ```bash - eksctl anywhere import images -i images.tar -r \ - --bundles ./eks-anywhere-downloads/bundle-release.yaml - ``` +>**_NOTE:_** If you are running EKS Anywhere on bare metal, you must configure `osImageURL` and `hookImagesURLPath` in your EKS Anywhere cluster specification with the location of the upgraded node operating system image and hook OS image. For details, reference the [bare metal configuration documentation.]({{< relref "../../getting-started/baremetal/bare-spec/#osimageurl" >}}) -1. If you want to upgrade your curated packages, you can import the newest curated package artifacts by - ``` - eksctl anywhere copy packages --bundle ${BUNDLE_RELEASE_YAML_PATH} --dst-cert ${REGISTRY_MIRROR_CERT} ${REGISTRY_MIRROR_URL} - ``` - then [activate the new package bundles]({{< relref "../../packages/packagebundles/#activating-a-package-bundle" >}}). - -1. You are now ready to [upgrade your cluster based on the cluster provider]({{< relref "../cluster-upgrades/" >}}). \ No newline at end of file +### Next Steps +- [Build upgraded node operating system images for your cluster]({{< relref "../../osmgmt/artifacts/#building-images-for-a-specific-eks-anywhere-version" >}}) +- [Upgrade a cluster on vSphere, Snow, Cloudstack, or Nutanix]({{< relref "./vsphere-and-cloudstack-upgrades" >}}) +- [Upgrade a cluster on bare metal]({{< relref "./baremetal-upgrades" >}}) \ No newline at end of file diff --git a/docs/content/en/docs/getting-started/airgapped/_index.md b/docs/content/en/docs/getting-started/airgapped/_index.md index c83403e6e20e..f7a78779f397 100644 --- a/docs/content/en/docs/getting-started/airgapped/_index.md +++ b/docs/content/en/docs/getting-started/airgapped/_index.md @@ -2,73 +2,39 @@ title: 2. Airgapped (optional) weight: 15 description: > - Configuring EKS Anywhere for airgapped environments + Configure EKS Anywhere for airgapped environments --- -When creating an EKS Anywhere cluster, there may be times where you need to do so in an airgapped -environment. -In this type of environment, cluster nodes are connected to the Admin Machine, but not to the -internet. -In order to download images and artifacts, however, the Admin machine needs to be temporarily -connected to the internet. +EKS Anywhere can be used in airgapped environments, where clusters are not connected to the internet or external networks. -An airgapped environment is especially important if you require the most secure networks. -EKS Anywhere supports airgapped installation for creating clusters using a registry mirror. -For airgapped installation to work, the Admin machine must have: +If you are planning to run EKS Anywhere in an airgapped environments, before you create a cluster, you must temporarily connect your Admin machine to the internet to install the `eksctl` CLI and pull the required EKS Anywhere dependencies. Once these dependencies are downloaded and imported in a local registry, you no longer need internet access. In the EKS Anywhere cluster specification, you can configure EKS Anywhere to use your local registry mirror. When the registry mirror configuration is set in the EKS Anywhere cluster specification, EKS Anywhere configures containerd to pull from that registry instead of Amazon ECR during cluster creation and lifecycle operations. For more information, reference the [Registry Mirror Configuration documentation.]({{< relref "../optional/registrymirror" >}}) -* Temporary access to the internet to download images and artifacts -* Ample space (80 GB or more) to store artifacts locally +If you are using Ubuntu or RHEL as the operating system for nodes in your EKS Anywhere cluster, you must connect to the internet while building the images with the EKS Anywhere image-builder tool. After building the operating system images, you can configure EKS Anywhere to pull the operating system images from a location of your chosing in the EKS Anywhere cluster specification. For more information on the image building process and operating system cluster specification, reference the [Operating System Management documentation.]({{< relref "../../osmgmt/overview" >}}) +### Overview -To create a cluster in an airgapped environment, perform the following: +The process for preparing your airgapped environment for EKS Anywhere is summarized by the following steps: +1. Use the `eksctl anywhere` CLI to download EKS Anywhere artifacts. These artifacts are `yaml` files that contain the list and locations of the EKS Anywhere dependencies. +1. Use the `eksctl anywhere` CLI to download EKS Anywhere images. These images include EKS Anywhere dependencies including EKS Distro components, Cluster API provider components, and EKS Anywhere components such as the EKS Anywhere controllers, Cilium CNI, kube-vip, and cert-manager. +1. Set up your local registry following the steps in the [Registry Mirror Configuration documentation.]({{< relref "../optional/registrymirror" >}}) +1. Use the `eksctl anywhere` CLI to import the EKS Anywhere images to your local registry. +1. Optionally use the `eksctl anywhere` CLI to copy EKS Anywhere Curated Packages images to your local registry. -1. Download the artifacts and images that will be used by the cluster nodes to the Admin machine using the following command: - ```bash - eksctl anywhere download artifacts - ``` - A compressed file `eks-anywhere-downloads.tar.gz` will be downloaded. +### Prerequisites +- An existing [Admin machine]({{< relref "../install" >}}) +- Docker running on the Admin machine +- At least 80GB in storage space on the Admin machine to temporarily store the EKS Anywhere images locally before importing them to your local registry. Currently, when downloading images, EKS Anywhere pulls all dependencies for all infrastructure providers and supported Kubernetes versions. +- The download and import images commands must be run on an amd64 machine to import amd64 images to the registry mirror. -1. To decompress this file, use the following command: - ```bash - tar -xvf eks-anywhere-downloads.tar.gz - ``` - This will create an eks-anywhere-downloads folder that we’ll be using later. +### Procedure -1. In order for the next command to run smoothly, ensure that Docker has been pre-installed and is running. Then run the following: - ```bash - eksctl anywhere download images -o images.tar - ``` +{{% content "./airgap-steps.md" %}} -1. If you want to use curated packages, refer to [Curated Packages]({{< relref "../../packages/prereq#prepare-curated-packages-for-airapped-clusters" >}}) to copy curated packages to your registry mirror. +If the previous steps succeeded, all of the required EKS Anywhere dependencies are now present in your local registry. Before you create your EKS Anywhere cluster, configure `registryMirrorConfiguration` in your EKS Anywhere cluster specification with the information for your local registry. For details see the [Registry Mirror Configuration documentation.]({{< relref "../../getting-started/optional/registrymirror/#registry-mirror-cluster-spec" >}}) -{{% alert title="Warning" color="warning" %}} -`eksctl anywhere download images` and `eksctl anywhere import images` command need to be run on an amd64 machine to import amd64 images to the registry mirror. -{{% /alert %}} +>**_NOTE:_** If you are running EKS Anywhere on bare metal, you must configure `osImageURL` and `hookImagesURLPath` in your EKS Anywhere cluster specification with the location of your node operating system image and the hook OS image. For details, reference the [bare metal configuration documentation.]({{< relref "../baremetal/bare-spec/#osimageurl" >}}) - **For the remaining steps, the Admin machine no longer needs to be connected to the internet or the bastion host.** - -1. Next, you will need to set up a local registry mirror to host the downloaded EKS Anywhere images. In order to set one up, refer to [Registry Mirror configuration.]({{< relref "../../getting-started/optional/registrymirror.md" >}}) - -1. Now that you’ve configured your local registry mirror, you will need to import images to the local registry mirror using the following command (be sure to replace with the url of the local registry mirror you created in step 4): - ```bash - eksctl anywhere import images -i images.tar -r \ - --bundles ./eks-anywhere-downloads/bundle-release.yaml - ``` -You are now ready to deploy a cluster by selecting your provider from the [EKS Anywhere providers]({{< relref "/docs/getting-started/chooseprovider" >}}) page and following those instructions. - -### For Bare Metal (Tinkerbell) -You will need to have hookOS and its OS artifacts downloaded and served locally from an HTTP file server. -You will also need to modify the [hookImagesURLPath]({{< relref "../baremetal/bare-spec/#hookimagesurlpath" >}}) and the [osImageURL]({{< relref "../baremetal/bare-spec/#osimageurl" >}}) in the cluster configuration files. -Ensure that structure of the files is set up as described in [hookImagesURLPath.]({{< relref "../baremetal/bare-spec/#hookimagesurlpath" >}}) - -### For vSphere -If you are using the vSphere provider, be sure that the requirements in the -[Prerequisite checklist]({{< relref "../vsphere/vsphere-prereq/" >}}) have been met. - -## Deploy a cluster - -Once you have the tools installed you can deploy a cluster by [choosing a provider]({{< relref "/docs/getting-started/chooseprovider/" >}}) - -## Upgrade an airgapped cluster - -To upgrade an airgapped cluster, see [upgrade airgapped cluster]({{< relref "../../clustermgmt/cluster-upgrades/airgapped-upgrades.md" >}}) +### Next Steps +- Review EKS Anywhere [cluster networking requirements]({{< relref "../ports" >}}) +- Review EKS Anywhere [infrastructure providers and their prerequisites]({{< relref "../chooseprovider" >}}) +- Review the [upgrade procedure]({{< relref "../../clustermgmt/cluster-upgrades/airgapped-upgrades.md" >}}) for EKS Anywhere in airgapped environments diff --git a/docs/content/en/docs/getting-started/airgapped/airgap-packages.md b/docs/content/en/docs/getting-started/airgapped/airgap-packages.md new file mode 100644 index 000000000000..5bbf540a4c81 --- /dev/null +++ b/docs/content/en/docs/getting-started/airgapped/airgap-packages.md @@ -0,0 +1,13 @@ +--- +toc_hide: true +--- +If you are running in an airgapped environment and you set up a local registry mirror, you can copy curated packages from Amazon ECR to your local registry mirror with the following command. + +The `$BUNDLE_RELEASE_YAML_PATH` should be set to the `eks-anywhere-downloads/bundle-release.yaml` location where you unpacked the tarball from the`eksctl anywhere download artifacts` command. The `$REGISTRY_MIRROR_CERT_PATH` and `$REGISTRY_MIRROR_URL` values must be the same as the `registryMirrorConfiguration` in your EKS Anywhere cluster specification. + +```bash +eksctl anywhere copy packages \ + --bundle ${BUNDLE_RELEASE_YAML_PATH} \ + --dst-cert ${REGISTRY_MIRROR_CERT_PATH} \ + ${REGISTRY_MIRROR_URL} +``` \ No newline at end of file diff --git a/docs/content/en/docs/getting-started/airgapped/airgap-steps.md b/docs/content/en/docs/getting-started/airgapped/airgap-steps.md new file mode 100644 index 000000000000..04e861ef50eb --- /dev/null +++ b/docs/content/en/docs/getting-started/airgapped/airgap-steps.md @@ -0,0 +1,36 @@ +--- +toc_hide: true +--- +1. Download the EKS Anywhere artifacts that contain the list and locations of the EKS Anywhere dependencies. A compressed file `eks-anywhere-downloads.tar.gz` will be downloaded. You can use the `eksctl anywhere download artifacts --dry-run` command to see the list of artifacts it will download. + ```bash + eksctl anywhere download artifacts + ``` + +1. Decompress the `eks-anywhere-downloads.tar.gz` file using the following command. This will create an `eks-anywhere-downloads` folder. + ```bash + tar -xvf eks-anywhere-downloads.tar.gz + ``` + +1. Download the EKS Anywhere image dependencies to the Admin machine. This command may take several minutes (10+) to complete. To monitor the progress of the command, you can run with the `-v 6` command line argument, which will show details of the images that are being pulled. Docker must be running for the following command to succeed. + ```bash + eksctl anywhere download images -o images.tar + ``` + +1. Set up a local registry mirror to host the downloaded EKS Anywhere images and configure your Admin machine with the certificates and authentication information if your registry requires it. For details, refer to the [Registry Mirror Configuration documentation.]({{< relref "../../getting-started/optional/registrymirror/#configure-local-registry-mirror" >}}) + +1. Import images to the local registry mirror using the following command. Set `REGISTRY_MIRROR_URL` to the url of the local registry mirror you created in the previous step. This command may take several minutes to complete. To monitor the progress of the command, you can run with the `-v 6` command line argument. + ```bash + export REGISTRY_MIRROR_URL= + ``` + ```bash + eksctl anywhere import images -i images.tar -r ${REGISTRY_MIRROR_URL} \ + --bundles ./eks-anywhere-downloads/bundle-release.yaml + ``` + +1. Optionally import curated packages to your registry mirror. The curated packages images are copied from Amazon ECR to your local registry mirror in a single step, as opposed to separate download and import steps. For post-cluster creation steps, reference the [Curated Packages documentation.]({{< relref "../../packages/prereq/#prepare-for-using-curated-packages-for-airgapped-environments" >}}) + +
+ Expand for curated packages instructions +
+ {{% content "airgap-packages.md" %}} +
\ No newline at end of file diff --git a/docs/content/en/docs/getting-started/baremetal/bare-prereq.md b/docs/content/en/docs/getting-started/baremetal/bare-prereq.md index 80d8e894cdcd..7e4dab31c199 100644 --- a/docs/content/en/docs/getting-started/baremetal/bare-prereq.md +++ b/docs/content/en/docs/getting-started/baremetal/bare-prereq.md @@ -54,7 +54,7 @@ Here are other network requirements: >**_NOTE:_**: If you have another DHCP service running on the network, you need to prevent it from interfering with the EKS Anywhere DHCP service. You can do that by configuring the other DHCP service to explicitly block all MAC addresses and exclude all IP addresses that you plan to use with your EKS Anywhere clusters. -* The administrative machine and the target workload environment will need network access to: +* If you have not followed the [steps for airgapped environments]({{< relref "../airgapped" >}}), then the administrative machine and the target workload environment need network access (TCP/443) to: * public.ecr.aws * anywhere-assets.eks.amazonaws.com: To download the EKS Anywhere binaries, manifests and OVAs @@ -68,7 +68,7 @@ Here are other network requirements: >**_NOTE:_** When you set up your cluster configuration YAML file, the endpoint and Tinkerbell addresses are set in the `ControlPlaneConfiguration.endpoint.host` and `tinkerbellIP` fields, respectively. -* Ports must be open to the Admin machine and cluster machines as described in Ports and protocols. +* Ports must be open to the Admin machine and cluster machines as described in the [Cluster Networking documentation]({{< relref "../ports" >}}). ## Validated hardware diff --git a/docs/content/en/docs/getting-started/chooseprovider/_index.md b/docs/content/en/docs/getting-started/chooseprovider/_index.md index 96bb679e6c84..8e99558256ce 100644 --- a/docs/content/en/docs/getting-started/chooseprovider/_index.md +++ b/docs/content/en/docs/getting-started/chooseprovider/_index.md @@ -3,25 +3,16 @@ title: 4. Choose provider main_menu: true weight: 17 description: > - Choose an EKS Anywhere provider to deploy a cluster + Choose an infrastructure provider for EKS Anywhere clusters --- - +EKS Anywhere supports many different types of infrastructure including VMWare vSphere, bare metal, Snow, Nutanix, and Apache CloudStack. You can also run EKS Anywhere on Docker for dev/test use cases only. EKS Anywhere clusters can only run on a single infrastructure provider. For example, you cannot have some vSphere nodes, some bare metal nodes, and some Snow nodes in a single EKS Anywhere cluster. Management clusters also must run on the same infrastructure provider as workload clusters. -EKS Anywhere can be deployed as a simple, unsupported local environment or as a production-quality environment that can become a supported on-premises Kubernetes platform. -This section lists the different ways to set up and run EKS Anywhere. -When you install EKS Anywhere, choose an installation type based on: ease of maintenance, security, control, available resources, and expertise required to operate and manage a cluster. +Detailed information on each infrastructure provider can be found in the sections below. Review the infrastructure provider's prerequisites in-depth before creating your first cluster. - - -[Install on Bare Metal]({{< relref "../baremetal/" >}}) - -[Install on vSphere]({{< relref "../vsphere/" >}}) - -[Install on CloudStack]({{< relref "../cloudstack/" >}}) - -[Install on Nutanix]({{< relref "../nutanix/" >}}) - -[Install on Snow]({{< relref "../snow/" >}}) - -[Install on Docker (dev only)]({{< relref "../docker/" >}}) +##### [**Install on vSphere**]({{< relref "../vsphere/" >}}) +##### [**Install on Bare Metal**]({{< relref "../baremetal/" >}}) +##### [**Install on Snow**]({{< relref "../snow/" >}}) +##### [**Install on CloudStack**]({{< relref "../cloudstack/" >}}) +##### [**Install on Nutanix**]({{< relref "../nutanix/" >}}) +##### [**Install on Docker (dev only)**]({{< relref "../docker/" >}}) diff --git a/docs/content/en/docs/getting-started/install/_index.md b/docs/content/en/docs/getting-started/install/_index.md index 5ea3c0390cdf..252e1fc332ea 100644 --- a/docs/content/en/docs/getting-started/install/_index.md +++ b/docs/content/en/docs/getting-started/install/_index.md @@ -26,7 +26,8 @@ See [Create cluster workflow]({{< relref "../overview" >}}) for an overview of t - 4 CPU cores - 16GB memory - 30GB free disk space -- Administrative machine must be on the same Layer 2 network as the cluster machines (Bare Metal provider only). +- If you are running in an airgapped environment, the Admin machine must be amd64. +- If you are running EKS Anywhere on bare metal, the Admin machine must be on the same Layer 2 network as the cluster machines. Here are a few other things to keep in mind: diff --git a/docs/content/en/docs/getting-started/optional/registrymirror.md b/docs/content/en/docs/getting-started/optional/registrymirror.md index 275e79be6770..524f419a71b6 100644 --- a/docs/content/en/docs/getting-started/optional/registrymirror.md +++ b/docs/content/en/docs/getting-started/optional/registrymirror.md @@ -5,11 +5,14 @@ weight: 40 aliases: /docs/reference/clusterspec/optional/registrymirror/ description: > - EKS Anywhere cluster yaml specification for registry mirror configuration + EKS Anywhere cluster specification for registry mirror configuration --- -## Registry Mirror Support (optional) -You can configure EKS Anywhere to use a private registry as a mirror for pulling the required images. +You can configure EKS Anywhere to use a local registry mirror for its dependencies. When a registry mirror is configured in the EKS Anywhere cluster specification, EKS Anywhere will use it instead of defaulting to Amazon ECR for its dependencies. For details on how to configure your local registry mirror for EKS Anywhere, see the [Configure local registry mirror]({{< relref "./registrymirror/#configure-local-registry-mirror" >}}) section. + +See the [airgapped documentation page]({{}}) for instructions on downloading and importing EKS Anywhere dependencies to a local registry mirror. + +## Registry Mirror Cluster Spec The following cluster spec shows an example of how to configure registry mirror: ```yaml @@ -33,7 +36,7 @@ spec: es6RXmsCj... -----END CERTIFICATE----- ``` -## Registry Mirror Configuration Spec Details +## Registry Mirror Cluster Spec Details ### __registryMirrorConfiguration__ (optional) * __Description__: top level key; required to use a private registry. * __Type__: object @@ -94,54 +97,10 @@ export REGISTRY_PASSWORD= * __Description__: optional field to skip the registry certificate verification. Only use this solution for isolated testing or in a tightly controlled, air-gapped environment. Currently only supported for Ubuntu and RHEL OS. * __Type__: boolean -## Import images into a private registry -You can use the `download images` and `import images` commands to pull images from `public.ecr.aws` and push them to your -private registry. -The `copy packages` must be used if you want to copy EKS Anywhere Curated Packages to your registry mirror. -The `download images` command also pulls the Cilium chart from `public.ecr.aws` and pushes it to the registry mirror. It requires the registry credentials for performing a login. Set the following environment variables for the login: -```bash -export REGISTRY_USERNAME= -export REGISTRY_PASSWORD= -``` - -{{% alert title="Warning" color="warning" %}} -`eksctl anywhere download images` and `eksctl anywhere import images` command need to be run on an amd64 machine to import amd64 images to the registry mirror. -{{% /alert %}} - -Download the EKS Anywhere artifacts to get the EKS Anywhere bundle: -```bash -eksctl anywhere download artifacts -tar -xzf eks-anywhere-downloads.tar.gz -``` - -Download and import EKS Anywhere images: -```bash -REGISTRY_ENDPOINT= -eksctl anywhere download images -o eks-anywhere-images.tar -docker login https://${REGISTRY_ENDPOINT} -... -eksctl anywhere import images -i eks-anywhere-images.tar --bundles eks-anywhere-downloads/bundle-release.yaml --registry ${REGISTRY_ENDPOINT} -``` - -Use the EKS Anywhere bundle to copy packages: -```bash -eksctl anywhere copy packages --bundle ./eks-anywhere-downloads/bundle-release.yaml --dst-cert rootCA.pem ${REGISTRY_ENDPOINT} -``` - -## Docker configurations -It is necessary to add the private registry's CA Certificate -to the list of CA certificates on the admin machine if your registry uses self-signed certificates. - -For [Linux](https://docs.docker.com/engine/security/certificates/), you can place your certificate here: `/etc/docker/certs.d//ca.crt` - -For [Mac](https://docs.docker.com/desktop/mac/#add-tls-certificates), you can follow this guide to add the certificate to your keychain: https://docs.docker.com/desktop/mac/#add-tls-certificates +## Configure local registry mirror -{{% alert title="Note" color="primary" %}} - You may need to restart Docker after adding the certificates. -{{% /alert %}} - -## Registry configurations -Depending on what registry you decide to use, you will need to create the following projects: +### Project configuration +The following projects must be created in your registry before importing the EKS Anywhere images: ``` bottlerocket @@ -151,7 +110,7 @@ isovalent cilium-chart ``` -For example, if a registry is available at `private-registry.local`, then the following projects will have to be created: +For example, if a registry is available at `private-registry.local`, then the following projects must be created. ``` https://private-registry.local/bottlerocket @@ -160,3 +119,19 @@ https://private-registry.local/eks-distro https://private-registry.local/isovalent https://private-registry.local/cilium-chart ``` + +### Admin machine configuration +You must configure the Admin machine with the information it needs to communicate with your registry. + +Add the registry's CA certificate to the list of CA certificates on the Admin machine if your registry uses self-signed certificates. + +- For [Linux](https://docs.docker.com/engine/security/certificates/), you can place your certificate here: `/etc/docker/certs.d//ca.crt` +- For [Mac](https://docs.docker.com/desktop/mac/#add-tls-certificates), you can follow this guide to add the certificate to your keychain: https://docs.docker.com/desktop/mac/#add-tls-certificates + +If your registry uses authentication, the following environment variables must be set on the Admin machine before running the `eksctl anywhere import images` command. +```bash +export REGISTRY_USERNAME= +export REGISTRY_PASSWORD= +``` + + diff --git a/docs/content/en/docs/packages/prereq.md b/docs/content/en/docs/packages/prereq.md index 74109e92f1b4..09a53596a8e5 100644 --- a/docs/content/en/docs/packages/prereq.md +++ b/docs/content/en/docs/packages/prereq.md @@ -116,19 +116,21 @@ docker pull 783794618700.dkr.ecr.us-west-2.amazonaws.com/emissary-ingress/emissa ``` If the image downloads successfully, it worked! -### Prepare curated packages for airapped clusters +### Prepare for using curated packages for airgapped environments -When your cluster is airgapped and you have setup a registry mirror, copy the latest packages from curated packages private ECR to your registry mirror +{{% content "../getting-started/airgapped/airgap-packages.md" %}} -```bash -eksctl anywhere copy packages --bundle ${BUNDLE_RELEASE_YAML_PATH} --dst-cert ${REGISTRY_MIRROR_CERT} ${REGISTRY_MIRROR_URL} -``` - -And make sure your PackageBundleController.spec is configured to download curated package images from your registry mirror. [DefaultRegistry and defaultImageRegistry]({{< relref "./packages/#packagebundlecontrollerspec" >}}) should have values similar to the following: +Once the curated packages images are in your local registry mirror, you must configure the curated packages controller to use your local registry mirror post-cluster creation. Configure the `defaultImageRegistry` and `defaultRegistry` settings for the `PackageBundleController` to point to your local registry mirror by applying a similar `yaml` definition as the one below to your standalone or management cluster. Existing `PackageBundleController` can be changed, and you do not need to deploy a new `PackageBundleController`. See the [Packages configuration documentation]({{< relref "./packages/#packagebundlecontrollerspec" >}}) for more information. ```yaml -defaultImageRegistry: ${REGISTRY_MIRROR_URL}/curated-packages -defaultRegistry: ${REGISTRY_MIRROR_URL}/eks-anywhere +apiVersion: anywhere.eks.amazonaws.com/v1alpha1 +kind: PackageBundleController +metadata: + name: eksa-packages-bundle-controller + namespace: eksa-packages +spec: + defaultImageRegistry: ${REGISTRY_MIRROR_URL}/curated-packages + defaultRegistry: ${REGISTRY_MIRROR_URL}/eks-anywhere ``` ### Discover curated packages @@ -136,9 +138,9 @@ defaultRegistry: ${REGISTRY_MIRROR_URL}/eks-anywhere You can get a list of the available packages from the command line: ```bash -export CLUSTER_NAME=nameofyourcluster +export CLUSTER_NAME= export KUBECONFIG=${PWD}/${CLUSTER_NAME}/${CLUSTER_NAME}-eks-a-cluster.kubeconfig -eksctl anywhere list packages --kube-version 1.23 +eksctl anywhere list packages --kube-version 1.27 ``` Example command output: @@ -158,12 +160,11 @@ emissary-crds 3.3.0-cbf71de34d8bb5a72083f497d599da63e8b3837b prometheus 2.41.0-b53c8be243a6cc3ac2553de24ab9f726d9b851ca ``` -### Generate a curated-packages config +### Generate curated packages configuration The example shows how to install the `harbor` package from the [curated package list]({{< relref "./packagelist/" >}}). + ```bash -export CLUSTER_NAME=nameofyourcluster -eksctl anywhere generate package harbor --cluster ${CLUSTER_NAME} --kube-version 1.23 > packages.yaml +export CLUSTER_NAME= +eksctl anywhere generate package harbor --cluster ${CLUSTER_NAME} --kube-version 1.27 > harbor-spec.yaml ``` - -Available curated packages and troubleshooting guides are listed below.